It’s up to you, but over here it looks like an abuse of power and a violation of trust. If they can’t be trusted not to look at the data they’re trying to restore (except directly in the service of restoring it) they they can’t be trusted with a business PC containing accounting data or legal correspondence either.
Have you ever done data recovery? Because I have, and part of recovery includes accessing random files to ensure they were restored/recovered correctly. I don’t go digging for incriminating shit, but I do have to make sure the data is readable before I hand it over to the client.
And you can be goddamned sure that if I see CSAM on your machine I’m turning you over to the police and I’ll gladly forego payment to see your ass in bracelets.i have professional ethics, but those don’t include protection of child abusers.
If you’re doing data recovery for a large enough tech firm (such as Best Buy’s Geek Squad service, you may be a mandated reporter of CSAM that you come across, depending on your state and the policy of your company, but in that case the CSAM in question is probably pretty obvious, either labeled as such or the first directory you hopped into.
id est, not because you scanned the drive’s unused blocks specifically looking for it.
